Resources

Tripwire VERT Security Update
Blog

VERT Threat Alert: September 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/10/2024
Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217Windows uses the Mark of the Web (MoTW) to identify files downloaded from the Internet. This is done by setting the NTFS Zone.Identifier alternate Data...
Vulnerability & Risk Management
VERT Research
Exploring the Impact of NIST SP 800-53 on Federal IT Systems
Blog

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

By David Henderson on Thu, 08/15/2024
NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...
Cybersecurity
Compliance
NIST
Updates and Evolution of the NIST Cybersecurity Framework: What’s New?
Blog

Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

By Josh Breaker-Rolfe on Wed, 08/14/2024
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...
Cybersecurity
Compliance
NIST
Tripwire VERT Security Update
Blog

VERT Threat Alert: August 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/13/2024
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...
Vulnerability & Risk Management
VERT Research
The Dual Impact of AI on Power Grids: Efficiency and Vulnerability
Blog

The Dual Impact of AI on Power Grids: Efficiency and Vulnerability

By Emily Newton on Wed, 07/24/2024
Artificial intelligence (AI) has emerged as a promising solution to modernize power grids. The technology, alongside other upgrades like Internet of Things (IoT) connectivity, could make energy infrastructure more reliable and sustainable. However, AI power grids also pose significant cybersecurity risks.Attacks against critical infrastructure are becoming more common. As energy authorities ramp...
Cybersecurity
Industrial Control Systems
Tripwire VERT Security Update
Blog

VERT Threat Alert: July 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/09/2024
Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-38112A vulnerability in the Windows MSHTML Platform could allow spoofing to occur. Successful exploitation of this vulnerability requires that the attacker convince...
Vulnerability & Risk Management
VERT Research
Tripwire VERT
Blog

VERT Threat Alert: June 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 06/11/2024
Today’s VERT Alert addresses Microsoft’s June 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1110 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2023-50868 The only disclosed vulnerability we have this month, is CVE-2023-50868, a DNSSEC protocol level vulnerability that can lead to denial of service. The...
Vulnerability & Risk Management
VERT Research
a plug in a plug socket
Blog

EU Is Tightening Cybersecurity for Energy Providers

By Josh Breaker-Rolfe on Wed, 05/29/2024
The energy sector is having a tumultuous decade. During the COVID pandemic, the price of oil plummeted. In 2021, a ransomware attack forced one of the US’s most significant oil pipelines to cease operations for five days, causing a state of emergency in seventeen states. Putin’s war in Ukraine has disrupted natural gas supplies across Europe. And now, it seems, it is the electricity providers’...
Cybersecurity
Industrial Control Systems
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Cybersecurity
Compliance
CIS Controls
NIST
Top-7-Technical-Resource-Providers-for-ICS-Security-Professionals
Blog

Top 7 Technical Resource Providers for ICS Security Professionals

By Anastasios Arampatzis on Wed, 05/15/2024
Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative, and faster than ever. So, understanding attackers' tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker...
Industrial Control Systems
Tripwire VERT Security Update
Blog

VERT Threat Alert: May 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/14/2024
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-30040 Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object...
Vulnerability & Risk Management
VERT Research
The Impact of NIST SP 800-171 on SMBs
Blog

The Impact of NIST SP 800-171 on SMBs

By Josh Breaker-Rolfe on Mon, 05/06/2024
From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute...
Cybersecurity
Compliance
NIST
Tripwire VERT
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/09/2024
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings, we...
Vulnerability & Risk Management
VERT Research
Datasheet

What Makes Fortra’s Tripwire Different

Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
Vulnerability & Risk Management
Cybersecurity
Compliance
File Integrity & Change Monitoring
Incident Detection & Investigation
Industrial Control Systems
IT Security Operations & Asset Discovery
Managed Security Services
Security Configuration Management
Blog

VERT Threat Alert: March 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/12/2024
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While...
Vulnerability & Risk Management
VERT Research
So You Want to Achieve NERC CIP-013-1 Compliance…
Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

By Anastasios Arampatzis on Wed, 03/06/2024
Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the...
Compliance
Industrial Control Systems
What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?
Blog

What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?

By Emily Newton on Tue, 03/05/2024
Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to...
Cybersecurity
Industrial Control Systems
Improving OT Security in Industrial Processes
Blog

Improving OT Security in Industrial Processes

By Lane Thames on Tue, 02/27/2024
Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy,...
Cybersecurity
Industrial Control Systems
Tripwire VERT Security Update
Blog

VERT Threat Alert: February 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/13/2024
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses...
Vulnerability & Risk Management
VERT Research
WaterISAC: 15 Security Fundamentals You Need to Know
Blog

WaterISAC: 15 Security Fundamentals You Need to Know

By Stefanie Shank on Wed, 01/24/2024
2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement: the technology used to manage water pressure was developed by...
Cybersecurity
Industrial Control Systems